Imagine you have a web server with an application and containing some static files which you only want to serve for visitors of your application. You also want to prevent that external domains can embed your pictures (hotlink) in their websites. This is where the nginx parameter "valid_referers" comes to play.

Scenario:
- Application running on under domain "app.example.com"
- There is a static file (an image) called "image.jpg"
- The image can only be displayed through the domain "app.example.com"

The following nginx config (residing within the 'server' definition) takes care of the rule:

location: Defines a location for all requests ending with .jpg or .png.
valid_referers none: All requests without a http referer will be treated as a valid referer (allowed). This is typically when your own application embeds the picture with a relative path (/image.jpg). Direct URL access also have no referer.
valid_referers app.example.com: All requests coming from "app.example.com" as referer are treated as valid and are allowed.
the if clause: All other referers/sources are treated as invalid and nginx will return a http status 410 (gone).

Now how does that work in a practical example?
Let's open a browser and go to http://app.example.com/image.jpg. The image is shown in the browser and the nginx access log shows the following entry: